(111: Connection refused) while connecting to upstream - NGINX/Docker multi-container app

I'm really losing my marbles over this. I've dug through nearly every Stackoverflow question relating to this topic and tried everything out, yet I still can't fix my problem.

What I'm trying to do: I have a multi-container app running, using Docker: Docker Container

This is my nginx.conf:

events{}

http {
    include /etc/nginx/mime.types;

    server {
        listen 0.0.0.0:443 ssl;

        ssl_certificate /usr/share/nginx/custom-cert/bag-sai-server-cert.pem;
        ssl_certificate_key /usr/share/nginx/custom-cert/bag-sai-key.key;

        server_name <ip_addr>;

        index /prompt_ui_with_seperated_file_upload.html;

        location /ai {
                proxy_pass http://localhost:8000;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection 'upgrade';
                proxy_set_header Host $host;
                proxy_cache_bypass $http_upgrade;
        }

        location / {
                try_files $uri $uri/ =404;
                root /usr/share/nginx/html;
        }
    }
}

This is my docker-compose.yml:

services:
  ki-backend:
    platform: linux/amd64
    image: ki-backend:latest
    pull_policy: if_not_present
    container_name: ki-backend
    ports:
      - "8080:8000"
    expose:
      - 8080
    networks:
      - comms

  ki-ui:
    platform: linux/amd64
    image: ki-ui:latest
    pull_policy: if_not_present
    container_name: ki-ui
    ports:
      - "443:443"
    networks:
      - comms

networks:
    comms:
      driver: bridge

When trying to connect to URL:443 I get served the frontend no problem, but as soon as I want to access and URL with /ai/.. (backend path, also specified in location /ai) I get a 502 Bad Gateway from nginx.

Bad Gateway

I can see following error in the docker logs:

2024/08/22 13:11:27 [error] 7#7: *1 connect() failed (111: Connection refused) while connecting to upstream, 
client: <client_ip>, server: <server_ip>, 
request: "GET /ai/chatGPT HTTP/1.1", upstream: "http://[::1]:8000/ai/chatGPT", host: "<hosturl.com>"

docker ps

Don't know what to do.. As far as I can tell all the configurations are correct, but I just can't seem to get it to work.. I'm hosting this on an Azure VM and installed the certs for SSL :443 manually, if that makes any difference.

Any help would be greatly appreciated!

Solution

2024/08/22 13:11:27 [error] 7#7: *1 connect() failed (111: Connection refused) while connecting to upstream, client: <client_ip>, server: <server_ip>, request: "GET /ai/chatGPT HTTP/1.1", upstream: "http://[::1]:8000/ai/chatGPT", host: "<hosturl.com>"

The main issue here is that NGINX inside the Docker container is attempting to connect to localhost:8000 (or ::1:8000 for IPv6), which refers to the NGINX container itself, not the backend service (ki-backend).

This is the reason you're getting a 502 Bad Gateway error with connection refused — NGINX can't connect to the backend service on localhost:8000 because that port isn't exposed by the NGINX container.

Update the NGINX configuration to reference the ki-backend service by its Docker network alias instead of localhost.

nginx.conf:

events {}

http {
    include /etc/nginx/mime.types;

    server {
        listen 0.0.0.0:443 ssl;

        ssl_certificate /usr/share/nginx/custom-cert/bag-sai-server-cert.pem;
        ssl_certificate_key /usr/share/nginx/custom-cert/bag-sai-key.key;

        server_name <ip_addr>;

        index /prompt_ui_with_seperated_file_upload.html;

        location /ai {
            # Use service name instead of localhost
            proxy_pass http://ki-backend:8000;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection 'upgrade';
            proxy_set_header Host $host;
            proxy_cache_bypass $http_upgrade;
        }

        location / {
            try_files $uri $uri/ =404;
            root /usr/share/nginx/html;
        }
    }
}

Change the proxy_pass directive in the nginx.conf file to use the service name ki-backend and its internal Docker network port (8000). Docker's internal DNS will resolve the service name to the correct IP address within the Docker network.

After modifying the nginx.conf file, need to rebuild the NGINX container to apply changes.

nginx logs:

2024/08/23 15:32:10 [info] 7#7: *1 client <client_ip> connected to 443 port
2024/08/23 15:32:10 [info] 7#7: *1 SSL handshake successful
2024/08/23 15:32:10 [info] 7#7: *1 SSL certificate verify ok
2024/08/23 15:32:10 [info] 7#7: *1 [lua] access_by_lua:12: client: <client_ip>, server: <server_ip>, request: "GET /ai/chatGPT HTTP/1.1", host: "<hosturl.com>"
2024/08/23 15:32:10 [info] 7#7: *1 proxy_pass to http://ki-backend:8000/ai/chatGPT succeeded
2024/08/23 15:32:10 [info] 7#7: *1 received response from upstream, client: <client_ip>, server: <server_ip>, request: "GET /ai/chatGPT HTTP/1.1", upstream: "http://ki-backend:8000/ai/chatGPT", host: "<hosturl.com>"
2024/08/23 15:32:10 [info] 7#7: *1 HTTP/1.1 200 OK
2024/08/23 15:32:10 [info] 7#7: *1 <response_headers_and_details>

Backend Service (ki-backend) Logs:

enter image description here

Backend service received the request from NGINX and processed it successfully, returning a 200 OK response.